[Snort-users] More info on "DDOS - TFN client command LE"

Dragos Ruiu dr at ...381...
Mon Sep 16 21:00:02 EDT 2002

On September 17, 2002 03:41 am, Jeff Taylor wrote:
> Can anyone give me more information on this attack, "DDOS - TFN client
> command LE"?  It just showed up in my logs from the ISP's router
> address.

Tribe Flood Network is a distributed denial of service client.

A single alert is likely just a false from a data packet. 
Lots of alerts are worth some investigation.  In either case
looking at the offending packet(s) should offer some help.

This client isn't so "fashionable" any more as more sophistcated
tools exist for the same - so I'd guess a false positive.


dr at ...381...   pgp: http://dragos.com/kyxpgp
Advance CanSecWest/03 registration available: http://cansecwest.com
"The question of whether computers can think is like the question
  of whether submarines can swim." --Edsger Wybe Dijkstra 1930-2002

More information about the Snort-users mailing list